This is the first time we have been compelled to research, compose, and publish an alert. This speaks to the importance we ascribe to the issue of viral infection. Two recent events have served to reinforce this perception.
1. A computer exhibiting erratic behavior was given to us to service. The machine was crashing frequently, its performance was badly degraded, and the problems that were reported transcended applications.
Our first reaction: an Operating System (OS) problem or a fundamental flaw at the motherboard level. Hardware diagnostics failed to reveal anything wrong with the machine. All installed software applications were mainstream (MS Office, Adobe Photoshop, etc.). Finally, we had to start thinking about something errant in code – like a virus – even though the client ran a closed shop. A scan was performed and, sure enough, the MyDoom virus was identified and eradicated. Once gone, normal system function was restored. The client was lucky in that no data were lost.
2. The call came in. One system was unusable. Another was flaking from time to time. A third was beginning to flake out. The server ran Windows 2000 and the desktops ran Windows 2000 and XP, with no critical patches or updates and completely outdated virus definition files. We thought virus right away, particularly since we found the most misbehaving system nearly full with games and various other internet downloads.
The BugBear virus was found on each of the systems but could only be eradicated from two. The third system had its boot sector and other system files badly damaged and was unrecoverable. It had to be re-prepared from scratch (as though it was new) before full eradication could be accomplished. Needless to say, every system on the network had to be scanned given this scenario.
At present, several thousand viruses are known to infect PCs. Most are relatively easy to detect, but eradication is another matter. Some stick themselves into vital system areas and corrupt on a grand scale, leading to widespread destruction of applications and data. In such cases, eradication might require re-prep of the drive, with consequent loss of everything on it. Others might only infect selected application files, and are amenable to eradication techniques that don’t involve loss. Others (mostly related to MS Word files) affect data directly and may result in the loss of valuable work product.
Also, we want to bring attention to a new breed of malicious software called Pests that are, in many cases, more harmful than viruses and are not detected by commercially available products. These pests can slip past traditional firewalls causing everything from security breaches via stolen passwords to slowdowns and errors running software. Pest programs come in one of several forms: Spyware, Browser Helper Objects, Hijackers and Pop Up Ads.
Spyware is typically defined as software which uses an Internet connection for silent communication with a server, for purposes of tracking a user's behavior. This can be for anything from password and account number collection, to hardware and software information, to browsing habits.
Browser Helper Objects are loaded as an "assistant" into one's web browser, typically Internet Explorer. This type of pest can monitor browsing activity, replace banner ads with their own, and even adjust referral links to other web pages, for purposes of capturing commissions away from a legitimate affiliate site. Often this type of pest causes other errors in Windows since Internet Explorer is heavily tied in to the Explorer shell, the foundation of Windows.
Hijackers are often used to reset a user's home page, search page, and Internet bookmarks to point to their sites, typically loaded with ads. Many watch continually, preventing the user from correcting their settings. And finally there is...
Pop up ads. Almost everyone dislikes popup ads. They get in the way to the point that recent studies have indicated the browsing public actually can develop a negative response towards the advertised product or service. So why are they still in use? For the same reason spam e-mail is so prevalent. Simply put, if even 0.01% of viewers actually make a purchase, that is 100 sales per 1 million ads. Now, ad space on the major search engines is not that cheap so how do some advertisers manage it? By sneaking in.
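As an added example (not part of the original alert), the following PowerShell script lists the Browser Helper Objects registered on a machine and the Internet Explorer start and search pages that hijackers change, so unexpected entries can be reviewed. It assumes a current Windows system with PowerShell and the standard Internet Explorer registry locations; the function names are hypothetical.

```powershell
# Added example (not from the original alert): list Browser Helper Objects and
# Internet Explorer start/search pages so unexpected entries can be reviewed.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

function Get-BrowserHelperObject {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            # Each BHO is registered under its COM class ID.
            $clsid  = $key.PSChildName
            $inproc = "$($view.Clsid)\$clsid\InprocServer32"
            $dll    = $null
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value is the DLL the browser loads.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            $status = 'NoDllRegistered'
            if ($dll) {
                $status = if (Test-Path -LiteralPath $dll) {
                    (Get-AuthenticodeSignature -FilePath $dll).Status
                } else { 'FileMissing' }
            }
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $status }
        }
    }
}

function Get-IEPageSetting {
    # Per-user settings that hijackers typically overwrite.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (-not (Test-Path -LiteralPath $main)) { return }
    $key = Get-Item -LiteralPath $main
    foreach ($name in 'Start Page', 'Search Page') {
        [pscustomobject]@{ Setting = $name; Value = $key.GetValue($name) }
    }
}

Get-BrowserHelperObject | Format-Table -AutoSize
Get-IEPageSetting       | Format-Table -AutoSize
```

Entries whose DLL is unsigned, missing, or unfamiliar, and start or search pages that point to a site the user did not choose, are the ones to investigate with an anti-pest scanner; a valid signature alone does not mean the add-on is wanted.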
How Pests Arrive
Often pests are installed as part of a "free" program downloaded from the Internet. Buried in the text of the license agreement during installation is a clause allowing the software's author to collect information and perhaps display ads on your screen. Common sources include Internet "search bars" and useful-sounding utilities.
Many pests first appear in the form of ads disguised to look like legitimate error messages. Typically the user is prompted to install a fix for the error message. In addition to causing confusion for the user, some pests install themselves even after the user selects "No." Other pests can actually install themselves, without the user's knowledge, especially on PCs with older versions of Internet Explorer. Some pests offer an uninstall program...except that it doesn't actually uninstall the pest. Many will reinstall themselves when the system is next booted.
Our responsibility
We protect ourselves and you from these menaces. For one, our diagnostic diskettes are write-protected, thus eliminating us as an unwitting source of spread even if we come across an infected system in the course of our work. Also, we now routinely scan for viruses as one of the first steps in our diagnostic regimen. Only after we are certain that viruses aren’t a factor do we proceed with “normal diagnostics,” and either hardware or software repair. Finally, we advise our clients not only to acquire Anti Virus and Anti Pest software but also to keep updating it.
Your responsibility
Because of their increasing prevalence, we would encourage you to eliminate the “viral and pest possibility” by scanning the errant system(s) for malicious code and, if found, eradicating them on your own. This will save you time and money.
Several Anti Virus packages are available but the one we like is Norton Anti Virus. If you don’t have it, we encourage you to get it. Regarding Pests, we highly recommend SpyBot, freely available here.
Protecting Yourselves
Dealing with the threat of viral and pest infections is a straightforward process once you understand what is going on. Viruses and Pests come from sources outside your systems: floppies, downloads from the internet, and e-mail attachments. In our experience, free games, “utilities,” and "enhancements" represent the most common source of viral and pest infections.
It might be reasonable to develop, communicate, and enforce a policy that strictly prohibits the importation and use of anything but company authorized and owned (fresh from the manufacturer) applications. Where importation of applications or data via floppy or CDs can’t be avoided (e.g., work performed at home, intracompany transfer of information, transfers from other business entities), a policy requiring viral scan of source floppies prior to importation seems very reasonable. Data imported via the internet should be scanned for viruses dynamically (at download time) or statically, immediately after the download. This includes email transmissions and accompanying attachments.
Afterword
By no means did we write the book on viruses and pests but we are experts in this field and in this sense we hope you find our synthesis informative and useful. If you have any questions or insights to bring to bear, please contact us.